Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 19 Jan 2012 08:43:08 +0100
From: magnum <john.magnum@...hmail.com>
To: john-dev@...ts.openwall.com
Subject: Re: Dragonfly BSD SHA2

On 01/18/2012 11:08 AM, Solar Designer wrote:
> You may need to make two or more 64-bit installs of DragonFly (different
> versions - e.g., just after they introduced this SHA-2 stuff vs. latest).

There has only been one release with these crypt types included. I think
they should (at least) include the enclosed diff in order not to break
things in the next release. This would at least stop things from
changing between builds. But I am not gonna try persuade them, they
don't seem interested anyway.

magnum

diff --git a/etc/login.conf b/etc/login.conf
index 2310e98..794c733 100644
--- a/etc/login.conf
+++ b/etc/login.conf
@@ -19,7 +19,7 @@
 # Note that entries like "cputime" set both "cputime-cur" and "cputime-max"
 
 default:\
-	:passwd_format=sha256:\
+	:passwd_format=md5:\
 	:copyright=/etc/COPYRIGHT:\
 	:welcome=/etc/motd:\
 	:setenv=MAIL=/var/mail/$,BLOCKSIZE=K,FTP_PASSIVE_MODE=YES:\
diff --git a/lib/libcrypt/crypt-sha256.c b/lib/libcrypt/crypt-sha256.c
index ce50c57..e0f1098 100644
--- a/lib/libcrypt/crypt-sha256.c
+++ b/lib/libcrypt/crypt-sha256.c
@@ -45,10 +45,12 @@
 char*
 crypt_sha256(const char *pw, const char *salt)
 {
-	static const char *magic = "$3$"; /* Magic string for this
-										 * algorithm. Easier to change
-										 * when factored as constant.
-										 */
+	static const char *magic = "$3$\0sha5"; /* Magic string for this
+	                                         * algorithm. Now hardcoded
+	                                         * with bytes previously
+	                                         * included due to a bug
+	                                         * (so they don't change)
+	                                         */
 	static char         passwd[120], *p;
 	static const char *sp, *ep;
 	unsigned char final[SHA256_SIZE];
@@ -76,6 +78,11 @@ crypt_sha256(const char *pw, const char *salt)
 	SHA256_Update(&ctx, pw, strlen(pw));
 	
 	/* Then the magic string */
+	/* using 'sizeof' is a bug but we must keep it that way in
+	   order not to break old hashes. The magic itself is now
+	   prepared so the bug does not cause varying magic but it
+	   will (and did) cause different magic between 32-bit and
+	   64-bit builds */
 	SHA256_Update(&ctx, magic, sizeof(magic));
 	
 	/* Then the raw salt. */
diff --git a/lib/libcrypt/crypt-sha512.c b/lib/libcrypt/crypt-sha512.c
index 6b58a28..514a6bb 100644
--- a/lib/libcrypt/crypt-sha512.c
+++ b/lib/libcrypt/crypt-sha512.c
@@ -45,10 +45,12 @@
 char*
 crypt_sha512(const char *pw, const char *salt)
 {
-	static const char *magic = "$4$"; /* Magic string for this
-										 * algorithm. Easier to change
-										 * when factored as constant.
-										 */
+	static const char *magic = "$4$\0/etc"; /* Magic string for this
+	                                         * algorithm. Now hardcoded
+	                                         * with bytes previously
+	                                         * included due to a bug
+	                                         * (so they don't change)
+	                                         */
 	static char         passwd[120], *p;
 	static const char *sp, *ep;
 	unsigned char final[SHA512_SIZE];
@@ -76,6 +78,11 @@ crypt_sha512(const char *pw, const char *salt)
 	SHA512_Update(&ctx, pw, strlen(pw));
 	
 	/* Then the magic string */
+	/* using 'sizeof' is a bug but we must keep it that way in
+	   order not to break old hashes. The magic itself is now
+	   prepared so the bug does not cause varying magic but it
+	   will (and did) cause different magic between 32-bit and
+	   64-bit builds */
 	SHA512_Update(&ctx, magic, sizeof(magic));
 	
 	/* Then the raw salt. */
@@ -93,6 +100,8 @@ crypt_sha512(const char *pw, const char *salt)
 	 * For-loop form of the algorithm in sha256.c;
 	 * breaks the final output up into 3cols and then base64's each row.
 	 */
+	/* This is buggy (last 16 bits not included) but if it's fixed, old
+	   hashes will cease to work */
 	for (i = 0; i < 20; i++) {
 		l = (final[i] << 16) | (final[i + 21] << 8) | final[i + 42];
 		_crypt_to64(p, l, 4); p += 4;

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux - Powered by OpenVZ